<?php
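include('includes/dbconnection.php');

/*
 * Admin form handler: dispatches on POST "module" and "process", writes the
 * submitted fields to the matching table and redirects back to the admin list.
 *
 * NOTE(review): no login/session check and no CSRF token validation are visible
 * in this script, and every branch below changes data or files. Confirm that the
 * include above enforces both before this endpoint is reachable.
 * NOTE(review): the mysql_* extension used here was removed in PHP 7, and
 * mysql_escape_string() ignores the connection character set. Escaping is kept
 * so the script still works with the existing connection, but the durable fix
 * is a move to mysqli/PDO prepared statements.
 */

$link_spl_char = array("&", "|", "~", "!", "@", "#", "$", "%", "^", "*", "(", ")", "+", "=", "{", "}", ":", ";","'",'"',"<",">","?","/",",","\\");

// The upload branches filtered file names with $spl_char, which this file never
// defines; unless the include provides it, no character was stripped at all.
// Fall back to the list above so path separators and quotes are always removed.
$upload_spl_char = isset($spl_char) ? $spl_char : $link_spl_char;

// Extensions accepted for uploads. Without a check, a script file could be stored
// in the web-served uploads directory. Extend this list deliberately if banners
// need another format, and keep script execution disabled for ../uploads/.
$allowed_upload_ext = array('jpg', 'jpeg', 'png', 'gif');

// Read one POST field as a string; missing or non-scalar (array) input becomes ''.
$post_value = function ($key) {
	return (isset($_POST[$key]) && is_scalar($_POST[$key])) ? (string) $_POST[$key] : '';
};

// Quote and escape a value for use as a SQL string literal.
$sql_quote = function ($value) {
	return "'" . mysql_escape_string((string) $value) . "'";
};

// Run a statement; on failure log the driver error server-side instead of
// printing it to the browser, where it would describe the schema to the client.
$run_query = function ($sql) {
	if (!mysql_query($sql)) {
		error_log('admin form query failed: ' . mysql_error());
		die('The change could not be saved.');
	}
};

// Insert one row. $row maps column name => raw value; every value is escaped here,
// so no call site can forget it. Table and column names are literals from this file.
$insert_row = function ($table, array $row) use ($sql_quote, $run_query) {
	$columns = "`" . implode("`, `", array_keys($row)) . "`";
	$values = implode(", ", array_map($sql_quote, array_values($row)));
	$run_query("insert into `" . $table . "` (" . $columns . ") values (" . $values . ")");
};

// Update the row with the given id. The id used to be concatenated unescaped
// (page_id / id), which allowed SQL injection through the where clause.
$update_row = function ($table, array $row, $id) use ($sql_quote, $run_query) {
	$assignments = array();
	foreach ($row as $column => $value) {
		$assignments[] = "`" . $column . "`=" . $sql_quote($value);
	}
	$run_query("update `" . $table . "` set " . implode(", ", $assignments) . " where id=" . $sql_quote($id));
};

// Validate and store one uploaded file in $dir.
// Returns array(original client name, stored name), or array('', '') when no file was sent.
$store_upload = function ($field, $dir) use ($upload_spl_char, $allowed_upload_ext) {
	if (empty($_FILES[$field]['name']) || !is_string($_FILES[$field]['name'])) {
		return array('', '');
	}
	$original_name = $_FILES[$field]['name'];
	$clean_name = str_replace($upload_spl_char, "", basename($original_name));
	$clean_name = preg_replace("([.]+)", ".", $clean_name);
	$extension = strtolower(pathinfo($clean_name, PATHINFO_EXTENSION));
	if (!in_array($extension, $allowed_upload_ext, true)) {
		die('This file type is not allowed.');
	}
	// Timestamp prefix, as before, keeps stored names from colliding.
	$stored_name = time() . "_" . $clean_name;
	if (!move_uploaded_file($_FILES[$field]['tmp_name'], $dir . $stored_name)) {
		die('The uploaded file could not be stored.');
	}
	return array($original_name, $stored_name);
};

// Delete a previously stored upload. The name arrives in a POST field, so it is
// reduced to its last path component to keep the delete inside $dir.
// NOTE(review): safer still is to read the stored name from the database by id
// instead of trusting the form field.
$remove_old_file = function ($dir, $name) {
	$name = basename($name);
	if ($name !== '' && is_file($dir . $name)) {
		unlink($dir . $name);
	}
};

$module = $post_value('module');
$process = $post_value('process');
$now = gmdate('Y-m-d H:i:s');

switch($module)
{
	case 'page':
		// URL slug: page name without special characters, spaces as underscores, lower case
		$link_name = str_replace($link_spl_char, "", $post_value('page_name'));
		$link_name = strtolower(str_replace(" ", "_", $link_name));
		switch($process)
		{
			case 'add':
				$insert_row('page', array(
					'page_name' => $post_value('page_name'),
					'maincontent' => $post_value('maincont'),
					'link_name' => $link_name,
					'sub_page' => $post_value('sub_page'),
					'parent_page' => $post_value('parent_page'),
					'meta_title' => $post_value('meta_title'),
					'meta_content' => $post_value('meta_desc'),
					'meta_keywords' => $post_value('meta_keywords'),
					'active_status' => $post_value('authorised'),
					'order_id' => generateOrderId(),
					'created_datetime' => $now,
				));
				echo '<script>location.href="index.php";</script>';
				break;
			case 'edit':
				$update_row('page', array(
					'page_name' => $post_value('page_name'),
					'maincontent' => $post_value('maincont'),
					'sub_page' => $post_value('sub_page'),
					'parent_page' => $post_value('parent_page'),
					'meta_title' => $post_value('meta_title'),
					'meta_content' => $post_value('meta_desc'),
					'meta_keywords' => $post_value('meta_keywords'),
					'active_status' => $post_value('authorised'),
					'modified_datetime' => $now,
				), $post_value('page_id'));
				echo '<script>location.href="index.php";</script>';
				break;
		}
		break;

	case 'section':
		switch($process)
		{
			case 'add':
				// NOTE(review): page_name is filled from "maincont" here, while the edit
				// branch uses the "page_name" field; this looks like a copy/paste slip.
				// Kept as found, because the add form's fields are not visible from here.
				// The value was previously protected only by doubling single quotes, which
				// a backslash defeats; it now goes through the same escaping as the rest.
				$insert_row('section', array(
					'section_name' => $post_value('section_name'),
					'page_name' => $post_value('maincont'),
					'content' => $post_value('maincont'),
					'active_status' => $post_value('authorised'),
					'created_datetime' => $now,
				));
				echo '<script>location.href="index.php?tc=section";</script>';
				break;
			case 'edit':
				$update_row('section', array(
					'section_name' => $post_value('section_name'),
					'page_name' => $post_value('page_name'),
					'content' => $post_value('maincont'),
					'active_status' => $post_value('authorised'),
					'modified_datetime' => $now,
				), $post_value('id'));
				echo '<script>location.href="index.php?tc=section";</script>';
				break;
		}
		break;

	case 'images':
		switch($process)
		{
			case 'add':
				list($news_pic, $stored_image_name) = $store_upload('image', "../uploads/");
				// The original statement quoted column names with ' and dropped the opening
				// quote of the title value, so it could never run; both are corrected here.
				$insert_row('manage_images', array(
					'id' => time(),
					'title' => $post_value('image_name'),
					'url' => $post_value('url'),
					'image' => $news_pic,
					'stored_image_name' => $stored_image_name,
					'active_status' => $post_value('authorised'),
					'created_datetime' => $now,
				));
				echo '<script>location.href="index.php?tc=images";</script>';
				break;
			case 'edit':
				list($news_pic, $stored_image_name) = $store_upload('image', "../uploads/");
				$row = array(
					'title' => $post_value('image_name'),
					'url' => $post_value('url'),
					'active_status' => $post_value('authorised'),
					'modified_datetime' => $now,
				);
				// Touch the image columns only when a new file arrived (same rule as the
				// banner edit); before, an edit without an upload blanked both columns.
				// The old file is removed only after the new one is safely stored.
				if ($stored_image_name !== '') {
					$remove_old_file("../uploads/", $post_value('old_image_name'));
					$row['image'] = $news_pic;
					$row['stored_image_name'] = $stored_image_name;
				}
				$update_row('manage_images', $row, $post_value('id'));
				echo '<script>location.href="index.php?tc=images";</script>';
				break;
		}
		break;

	case 'map_ads':
		switch($process)
		{
			case 'add':
				$insert_row('map_ads', array(
					'page_name' => $post_value('page_name'),
					'banner_type' => $post_value('banner_type'),
					'ad_name' => $post_value('ad_name'),
					'active_status' => $post_value('authorised'),
					'created_datetime' => $now,
				));
				echo '<script>location.href="index.php?tc=map_ads";</script>';
				break;
			case 'edit':
				// NOTE(review): this edit overwrites created_datetime where the other
				// modules set modified_datetime; confirm which column map_ads has.
				$update_row('map_ads', array(
					'page_name' => $post_value('page_name'),
					'ad_name' => $post_value('ad_name'),
					'banner_type' => $post_value('banner_type'),
					'active_status' => $post_value('authorised'),
					'created_datetime' => $now,
				), $post_value('id'));
				echo '<script>location.href="index.php?tc=map_ads";</script>';
				break;
		}
		break;

	case 'banner_ads':
		switch($process)
		{
			case 'add':
				// File upload on add was already disabled (commented out) in the original.
				$insert_row('banner_ads', array(
					'ad_name' => $post_value('banner_name'),
					'source' => $post_value('source'),
					'active_status' => $post_value('authorised'),
					'created_datetime' => $now,
				));
				echo '<script>location.href="index.php?tc=banner_ads";</script>';
				break;
			case 'edit':
				$path = "../uploads/banners/";
				list($news_pic, $stored_image_name) = $store_upload('file_name', $path);
				$row = array(
					'ad_name' => $post_value('banner_name'),
					'url' => $post_value('url'),
					'source' => $post_value('source'),
					'active_status' => $post_value('authorised'),
					'modified_datetime' => $now,
				);
				if ($stored_image_name !== '') {
					$remove_old_file($path, $post_value('old_file'));
					$row['upload_file'] = $stored_image_name;
					$row['file_name'] = $news_pic;
				}
				$update_row('banner_ads', $row, $post_value('id'));
				echo '<script>location.href="index.php?tc=banner_ads";</script>';
				// This break was missing: every banner edit fell through into 'reply'
				// and went on to the mail code below.
				break;
			case 'reply':
				$file_name = "";
				$file_content = "";
				if (!empty($_FILES['attach']['name']) && is_string($_FILES['attach']['name']) && is_uploaded_file($_FILES['attach']['tmp_name'])) {
					$file_content = file_get_contents($_FILES['attach']['tmp_name']);
					// The name is copied into MIME part headers below, so path parts,
					// double quotes and line breaks are removed first.
					$file_name = str_replace(array("\r", "\n", '"'), '', basename($_FILES['attach']['name']));
				}
				$email_message = $post_value('message');
				// Subject is a mail header: keep it on one line.
				$subject = str_replace(array("\r", "\n"), ' ', $post_value('subject'));

				if($file_name=="")
				{
					$headers = "MIME-Version: 1.0" . "\r\n";
					$headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
					$headers .= 'From:Administrator<ida@ecstasoft.com>' . "\r\n";
				}
				else {
					$fdata = chunk_split(base64_encode($file_content)); //Encode data into text form

					$headers = "From:Administrator<ida@ecstasoft.com>";

					$semi_rand = md5(time());
					$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";

					$headers .= "\nMIME-Version: 1.0\n" .
					"Content-Type: multipart/mixed;\n" .
					" boundary=\"{$mime_boundary}\"";

					// Assign rather than append: appending put the message in front of
					// the MIME preamble as well as inside the first part.
					$email_message = "This is a multi-part message in MIME format.\n\n" .
					"--{$mime_boundary}\n" .
					"Content-Type:text/html; charset=\"iso-8859-1\"\n" .
					"Content-Transfer-Encoding: 7bit\n\n" .
					$email_message . "\n\n";

					$fileatt_type = "text/html"; // File Type

					// The header name of the attachment part read "-:"; the name parameter
					// that follows it belongs to Content-Type. The last delimiter also needs
					// the trailing "--" that closes a multipart body.
					$email_message .= "--{$mime_boundary}\n" .
					"Content-Type: {$fileatt_type};\n" .
					" name=\"{$file_name}\"\n" .
					"Content-Disposition: attachment;\n" .
					" filename=\"{$file_name}\"\n" .
					"Content-Transfer-Encoding: base64\n\n" .
					$fdata . "\n\n" .
					"--{$mime_boundary}--\n";
				}

				// NOTE(review): $email is never assigned in this file. Unless the include
				// defines it, there is no recipient; the intended source (a form field or
				// the stored query row) has to be confirmed.
				if (isset($email) && $email !== '') {
					mail($email,$subject,$email_message,$headers);
				} else {
					error_log('banner_ads reply: no recipient address available, mail not sent');
				}
				echo '<script>location.href="index.php?tc=banner_ads_query";</script>';
				break;
		}
		break;

	case 'university':
		switch($process)
		{
			case 'add':
				$insert_row('university', array(
					'university_name' => $post_value('university_name'),
					'address' => $post_value('address'),
					'city' => $post_value('city'),
					'zone' => $post_value('zone'),
					'description' => $post_value('maincont'),
					'phone' => $post_value('phone'),
					'email' => $post_value('email'),
					'url' => $post_value('url'),
					'active_status' => $post_value('authorised'),
					'created_datetime' => $now,
				));
				echo '<script>location.href="index.php?tc=university";</script>';
				break;
			case 'edit':
				$update_row('university', array(
					'university_name' => $post_value('university_name'),
					'address' => $post_value('address'),
					'city' => $post_value('city'),
					'zone' => $post_value('zone'),
					'description' => $post_value('maincont'),
					'phone' => $post_value('phone'),
					'email' => $post_value('email'),
					'url' => $post_value('url'),
					'active_status' => $post_value('authorised'),
					'modified_datetime' => $now,
				), $post_value('page_id'));
				echo '<script>location.href="index.php?tc=university";</script>';
				break;
		}
		break;
}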

/**
 * Next display order for a new page: one more than the largest order_id in
 * the page table, or the string "1" when the table has no order_id yet.
 *
 * NOTE(review): the value is read here and inserted by the caller in a separate
 * statement, so two simultaneous "add" requests could presumably receive the
 * same number; confirm whether order_id has to be unique.
 */
function generateOrderId()
{
	$result = mysql_query("select max(order_id) order_id from page");
	$row = mysql_fetch_array($result);

	// max() over an empty table yields NULL
	return is_null($row['order_id']) ? "1" : $row['order_id']+1;
}
?>
